Characterized by Connectivity - mccright/FCCSCybersecurityInput GitHub Wiki

Network Endpoints

[They represent a diverse universe of hardware, software, and operations - and assumptions about what is good-enough - that may or may not align with your needs]

  • Mobile devices
    • With special emphasis on the apps they host
  • PCs and servers
  • Cloud-hosted:
    • Virtual machines
    • Application server services
    • Function execution services
    • Firewalls
    • Application gateways
    • Database services (of many types)
    • Storage (of many types)
    • Secret stores (vaults of many types and capabilities)
    • Commercial SaaS services
    • Domain Name Services
    • ...and much, much more
  • TVs
  • Cameras
  • Thermostats
  • Clocks
  • Picture frames
  • Lights
  • Door locks
  • Garage door opener systems
  • Access gates
  • Monitoring/alarm systems
  • Weather stations
  • Cars, trucks, buses, trains, ships, and aircraft
  • Utility meters
  • Telecommunications infrastructure components
  • Energy production, transmission and distribution infrastructure components
  • Manufacturing infrastructure components
  • Massively shared 'cloud' infrastructure
  • ...much, much more

Key cybersecurity issues for many of these endpoints today:

  • Increasing complexity (often masked by 'simple' administrative interfaces)
  • User exhaustion with identity management
  • Rapid and diverse evolution of identity and identity lifecycle
  • Default passwords
  • Weak passwords
  • Weak encryption
  • [Default] configurations assuming trust
  • Resistance to misuse is weak or absent
  • Weak interface defenses
  • Constructed using vulnerable/exploitable components
  • Vulnerability disclosure policies and processes
  • Software/firmware update capabilities
  • Reset processes
  • Data leakage
  • Backup features that amount to data leakage
  • Sharing features that amount to data leakage
  • Extras that accompany applications or games at installation (or after)
    • Trashware that is not well-architected, -engineered, -implemented, or -maintained:
      • Adware: displays advertisements on your endpoint
      • Toolbars: Often browser add-ons that may expose new network interfaces and/or collect your data.
      • Browser extensions: Integrated into the browser and can provide risk-inappropriate features.
      • Trial software: Just software -- bringing any or all of the risks listed above (and more)
      • Bloatware: Like "Trial software" above, but not just a trial...
      • Tracking software: Overtly hostile tracking features that are increasingly easy to monetize
  • Ability to review / audit implementation, configuration, and operational details
  • ...much more

LEARNER RESOURCES: